Conditional Access systems, such as Pay-TV systems, are known that use software tamper resistance to protect key storage and entitlement processing steps in a digital TV receiver.
Software tamper resistance technology uses basic primitives to obscure software code transformations. Examples of basic primitives are “Apply”, “Remove” and “Condition”. FIG. 1A, FIG. 1B and FIG. 1C show block diagrams of an apply primitive A, a remove primitive R and a condition primitive C, respectively. The apply primitive typically uses a function A(D,S)=AS(D)=DTS to transform a data element D according to a parameter seed S. The remove primitive typically uses a function R(DTS,S)=RS(DTS)=D to reverse the transformation of a data element D based on a seed S. The condition primitive typically uses a function C(D1,D2)=CD1(D2)=DCS, wherein the output is a correlation of the two inputs.
The seed S can be constructed from a mixture of multiple data elements. This makes it difficult to extract the individual data elements from the seed. The parameter mixing functions are typically denoted as f(A,B)=<A,B>. The function result <A,B> is called the compound of A and B. Hereinafter, seeds and compounds are both referred to as “seeds”.
The primitives are typically combined when implementing key management functions in a Conditional Access system. The combination of primitives results in a new function wherein the individual primitives are no longer identifiable. Known examples of combinations of primitives are a combination of remove and apply primitives and a secure correlation of compounds.
FIG. 1D shows an instance of a combination of remove and apply primitives. The transformation uses a compound <P,S> in a combined remove and apply operation. The function RPAS modifies the input data by replacing a transformation using the seed P with a transformation using the seed S, i.e. DataTP is transformed into DataTS.
FIG. 1E shows an instance of a secure correlation of compounds. It is typically used for conditional entitlement processing and comprises a combination of the basic primitives apply, remove and condition. The conditional function can be combined with remove and apply blocks RPAS of FIG. 1D to perform a secure correlation of compounds.
FIG. 2 shows an example of a split key delivery. In FIG. 2 a CW is generated from three subkeys CW1, CW2 and CW3. The subkeys CW1, CW2 and CW3 are distributed under protection of seeds P, G and U, respectively. Hereto CW1 is distributed in a mathematically transformed form in transformation space P, CW2 is distributed in a mathematically transformed form in transformation space G and CW3 is distributed in a mathematically transformed form in transformation space U.
FIG. 3 shows an example of CW processing in a receiver. In FIG. 3 the CW is generated from subkeys and a membership check is performed. The processing is divided into two basic parts: a secure computation environment and a generic processing environment. Functional modules in the generic processing environment and the secure computation environment form an entitlement transform tree for transforming an input transformed CW, e.g. CWDTP, into a CW encrypted using a receiver specific key, e.g. {CW}CSSK. The generic processing environment deals with the external interfaces such as storage, data communication and user interaction. The secure computation environment deals with the processing of keys and/or seeds.
An ECM Delivery Path is used for the reception of entitlement control messages (ECM) from a head-end system. The ECM comprises an encrypted or transformed CW. An EMM Delivery Path is used for the reception of entitlement management messages (EMM) from the head-end system. The EMM comprises keys or seeds for decrypting or transforming the encrypted or transformed CW.
The software tamper resistance primitives in the secure computation environment have inputs and outputs that are not useful to an attacker if intercepted. The remove operation on the transformed control word CWDTP requires value P, which is received in a compound <P,G1>, thus tied with G1. G1 is distributed in a compound <G1,U1>, thus tied with U1. After the two Remove/Apply operations RPAG1 and RG1AU1, the obtained transformed control word CWDTU1 is input to a TDES Encryption Whitebox module for the generation of an encrypted CW that can be processed by the receiver. The resulting CW is encrypted using a receiver specific key such as a chip set session key CSSK. The CSSK is typically provided in one of the entitlement messages. The CSSK, U1 and U2 values are typically provided to the TDES Encryption Whitebox as a compound <CSSK,U1,U2>.
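A toy model of the two Remove/Apply steps described above, added here as an illustration and not taken from the page or from any Conditional Access product. The XOR mask standing in for the transformation, the seed values and all function names are assumptions.

```python
import hashlib

def mask(seed: bytes, n: int) -> bytes:
    # Toy transformation space T_S: an n-byte XOR mask derived from the seed.
    # Assumption for illustration only; the page does not specify the transform.
    return hashlib.shake_256(seed).digest(n)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def apply_t(d: bytes, s: bytes) -> bytes:
    # Apply primitive A(D,S): move clear data D into transformation space S.
    return xor(d, mask(s, len(d)))

def remove_t(dt: bytes, s: bytes) -> bytes:
    # Remove primitive R(DTS,S): reverse the transformation made with seed S.
    return xor(dt, mask(s, len(dt)))

def remove_apply(p: bytes, s: bytes, n: int):
    # Combined R_P A_S built from the compound <P,S>: both masks are merged
    # up front, so the step never computes the data in the clear.
    merged = xor(mask(p, n), mask(s, n))
    return lambda dt: xor(dt, merged)

def run_chain():
    # Constructed sample values (not from the page).
    cwd = bytes.fromhex("00112233445566778899aabbccddeeff")
    P, G1, U1 = b"seed-P", b"seed-G1", b"seed-U1"
    n = len(cwd)
    cwd_tp = apply_t(cwd, P)             # head-end side: CWD in space P
    rp_ag1 = remove_apply(P, G1, n)      # from compound <P,G1>
    rg1_au1 = remove_apply(G1, U1, n)    # from compound <G1,U1>
    cwd_tg1 = rp_ag1(cwd_tp)             # CWD in space G1
    cwd_tu1 = rg1_au1(cwd_tg1)           # CWD in space U1
    return cwd, [cwd_tp, cwd_tg1, cwd_tu1], U1

if __name__ == "__main__":
    cwd, seen, U1 = run_chain()
    print("clear value visible at any interface:", cwd in seen)
    print("final value is CWD in space U1:", seen[-1] == apply_t(cwd, U1))
```

In this model every value crossing a module boundary stays in some transformation space, which is the property the paragraph above relies on; a real implementation additionally hides the merged table inside obscured code.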
The conditional entitlement processing of FIG. 3 uses a secure correlation function RG2CvectorAU2 to implement a group membership check. A result of the correlation computation is a Control Word Difference Key CWDK in transformation space U2, i.e. CWDKCTU2. CWDKCTU2 and CWDTU1 are subkeys used in the calculation of the CW in the TDES Encryption Whitebox.
Subkeys, such as CW1, CW2 and CW3 of FIG. 2 and CWDKCTU2 and CWDTU1 of FIG. 3, may have different life spans. As an example, CW1 may change on a regular basis, such as every 10 seconds, CW2 may change on a sporadic basis, measured in days, and CW3 may change very seldom, measured in months.
Known software tamper resistant conditional entitlement processing technologies for the obtainment of CWs from transformed subkeys do not take into account the different life spans of subkeys. As a consequence all intermediate operations in the conditional entitlement processing are always performed in order to obtain the CW. The execution of each intermediate operation is expensive in terms of processor cycles.
There is a need to reduce the number of computations in software tamper resistant conditional entitlement processing technologies, especially in devices wherein processing capabilities are limited, while not adversely affecting the tamper resistance of the implementation.